The blog article from SOCRadar provides an in-depth analysis of a cybercrime operation named "The Quarry," a Phishing-as-a-Service (PhaaS) ecosystem. The operation, led by a threat actor known as RockyBelling, sells phishing toolkits to nearly 200 affiliates who run various campaigns, particularly ones targeting U.S. citizens through fraudulent IRS and SSA communications.
Key findings include the use of legitimate remote access software, advanced traffic cloaking techniques, and a modular service catalog that includes customizable phishing kits, a VBS dropper, and remote management tools. The victims are primarily individuals in the U.S., with a significant focus on tax-related lures. The blog concludes with strategies for detecting and defending against such phishing attacks.